Login

wolfgang1983 · 07-08-2015, 03:03 AM

(07-07-2015, 07:39 AM)mwhitney Wrote: Although it's not the best example I could come up with given some time (though I'm responsible for much of the code, and certainly for what I consider the most cringe-worthy portions of it), I would recommend looking at how Bonfire does this:
https://github.com/ci-bonfire/Bonfire/tr...s/database

To answer your question, though, if $tables is the input to a public method, especially in a controller, you need to do at least some basic checking to make sure it's safe. At the least, check that it's an array. The safest way to handle it would probably be to remove any entry in the array which is not also in the array of table names returned by $this->db->list_tables(). In the worst case, you can pass an empty array in the 'tables' key to get the dbutil->backup() to generate a backup of all tables in the database (of course, if you don't want that to happen, be sure to check for it).

I have been working on database backup and repair have now got it all working just a few tweaks to do now.

PHP Code:
<?php

class Backup extends MX_Controller {
    private $error = array();

    public function __construct() {
        parent::__construct();
        $this->load->library('admin/users');
        $this->load->model('admin/tool/model_tool_backup');
        $this->load->library('form_validation');
    }

    public function restore() {
        $config['upload_path'] = BASEPATH . './upload/';
        $config['allowed_types'] = 'gif|jpg|png|sql';
        $config['max_size']    = '100000';
        $config['max_width'] = '0';
        $config['max_height'] = '0';
        $config['overwrite'] = TRUE;

        $this->load->library('upload', $config);

        if ( ! $this->upload->do_upload('import')) {

            $this->error['warning'] = $this->upload->display_errors();

            $this->index();

            $content = false;

        } else {

            $content = file_get_contents($_FILES['import']['tmp_name']);

            if ($content) {

                $this->restore_database($content);

                $this->session->set_flashdata('success', 'You have successfully repaired your database');

                redirect('admin/tool/backup');

            } else {

                $this->error['warning'] = $this->upload->display_errors();

                $this->index();
            }
            
        }

        return !$this->error;
    }

    public function index() {
        $data['tables'] = $this->model_tool_backup->get_tables();

        if (($this->input->server('REQUEST_METHOD') == 'POST') && $this->validate()) {
            
            $this->backup_codeigniter($this->input->post('tables'));
        }

        if (isset($this->error['warning'])) {
            $data['error_warning'] = $this->error['warning'];
        } else {
            $data['error_warning'] = '';
        }

        if (isset($this->error['tables'])) {
            $data['error_tables'] = $this->error['tables'];
        } else {
            $data['error_tables'] = '';
        }

        $data['sidebar'] = Modules::run('admin/common/sidebar/index');
        $data['navbar'] = Modules::run('admin/common/navbar/index');
        $data['header'] = Modules::run('admin/common/header/index');
        $data['footer'] = Modules::run('admin/common/footer/index');

        $this->load->view('tool/backup_view', $data);

    }

    public function validate() {
        if (!isset($_POST['tables'])) {
            $this->error['tables'] = 'You must select at least one item';
        }

        return !$this->error;
    }
} 

Model Functions

PHP Code:
public function backup_codeigniter($tables) {
        $this->load->dbutil();

           $prefs = array(
            'tables' => $tables, 
            'ignore' => array(),
            'format' => 'txt',
            'filename' => $this->db->database . '_' . date('Y-m-d_H-i-s', time()) . '_backup.sql',
            'add_drop' => TRUE,
            'add_insert' => TRUE,
            'newline' => "\n" 
        );

        $sql = $this->dbutil->backup($prefs);

        $data = $sql;

        $backup_path = BASEPATH . 'downloads/backup/'. $prefs['filename'];

        if (write_file($backup_path, $data)) {
            return true;  
        } else {
            return false;
        }
    }

    public function restore_database($sqls) {
        foreach (explode(";\n", $sqls) as $sql) {
            $sql = trim($sql);

            if ($sql) {
                $this->db->query($sql);
            }
        }
    } 

There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!